Tech Friday with Dave Hatter - June 4th 2021 - SPONSORED BY INTRUST IT


JBS Ransomware Attack:

  • JBS, the world's largest meat producer, was hit with a ransomware attack on sites in the US and Australia. The five plants hit process 22,500 cattle per day
  • The ransomware attack posed a possible threat to the U.S. food supply and comes on the tail of other critical infrastructure attacks
  • Cities, schools, hospitals an other critical infrastructure have all been hit with ransomware that encrypt their data and then demands a ransom to decrypt it
  • Attackers will now typically threaten to release information that has been stolen during the encryption process to further incentivize victims to pay the ransom
  • JBS informed US officials about the attack over Memorial Day weekend
  • The FBI said "As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice"
  • The FBI also said "A cyber attack on one is an attack on us all. We encourage any entity that is the victim of a cyber attack to immediately notify the FBI through one of our 56 field offices."
  • The full extent of the damage is still unknown and it's not currently known much money the attackers are demanding or if the company paid
  • JBS said in a statement that its backup servers were unaffected and customer data secured
  • The attack appears to be from a criminal group based in Russia per Deputy Press Secretary Karine Jean-Pierre
  • Andre Nogueira, JBS CEO, said "We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans."
  • Jean-Pierre said the FBI is investigating the incident and the White House is engaging with the Russian government about the attack
  • JBS expected the "vast majority" of its beef, pork, poultry and prepared food plants to fully operation on Wednesday and seems to have hit that goal
  • JBS reportedly had to halt operations at its five largest beef plants in the US as well as some other facilities as a result of the attack
  • "Thanks to the dedication of our IT professionals, our operational teams, cybersecurity consultants and the investments we have made in our systems, JBS USA and Pilgrim's were able to quickly recover from this attack against our business, our team members and the food supply chain" - Andre Nogueira
  • Ransomware continues to be a huge problem
  • "The hackers recognize that they have the ability to impact individuals through very straightforward, simple attacks that can impact critical infrastructure, that impact food supply and ultimately come down to the lives of everyday citizens," said Kiersten Todt, the managing director of the Cyber Readiness Institute.
  • A recent study reported that 2020 saw nearly $350 million in cryptocurrency payments due to ransomware attacks, 3 times that of 2019
  • Attackers can leverage low-cost "software as a service"-style ransomware tools to get started
  • Cryptocurrency like Bitcoin allows criminals to collect ransoms efficiently and anonymously
  • A good backup may be the only way to avoid paying a ransom
  •  The FBI and other have warned against paying a ransom and it may be illegal in some instances
  • The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) said "Ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks" https://cisomag.eccouncil.org/paying-ransom-is-now-illegal-u-s-dept-of-treasury-warns/

Disable Amazon Sidewalk:

  • On June 8, Amazon is launching Sidewalk and new "feature" that creates small, public internet networks powered Amazon "smart" devices (IoT) in your neighborhood
  • Sidewalk is a shared, low-bandwidth, wireless mesh network
  • Unfortunately, this feature will be enabled by default, so if you don't want your devices included you have limited time left to to opt out
  • Amazon devices affected include Ring and Echo devices as well as security cameras, motion sensors, outdoor lights, etc.
  • Per Amazon Sidewalk will 'help devices work better" and "extend the coverage for Sidewalk-enabled devices."
  • Sidewalk requires your neighbors to have Amazon Sidewalk-enabled devices (“Bridges)
  • Amazon said "These Bridge devices share a small portion of your internet bandwidth which is pooled together to provide these services to you and your neighbors. And when more neighbors participate, the network becomes even stronger"
  • Amazon is proactively enabling Sidewalk for all applicable devices
  • New Alexa accounts and devices will also be automatically enrolled
  • If you don't want any applicable Amazon devices you own to participate, you must opt-out
  • Per Amazon Sidewalk networks are triple-encrypted and user's identities and data are obscured
  • For example the "Community Finding" feature will not provide an exact location
  • Amazon says Sidewalk will use 500MB of data a month and 80Kbps of bandwidth at a given moment maximum\
  • Unfortunately, industry standard wireless technologies like Wi-Fi and Bluetooth have a checkered security history
  • WEP, the encryption scheme that protected Wi-Fi traffic was widely used for years before flaws that made decrypting data relatively easy were discovered
  • WPA (which replaced WEP) is more secure but has had issues as well
  • To disable Amazon Sidewalk, go to Settings > Account Settings > Amazon Sidewalk
    • Choose "Community Finding" to disable approximate location sharing but allow Sidewalk
    • Choose "Amazon Sidewalk" to disable all Sidewalk functionality
  • For more information, visit:https://www.amazon.com/Amazon-Sidewalk/b?ots=1&slotNum=1&imprToken=56bce162-e639-a0cf-08a&node=21328123011&linkCode=sl2&tag=techaeris04-20&linkId=95a324431f689c2039d93910ef20d6ab&language=en_US&ref_=as_li_ss_tl

Fifth Third Bank customers targeted by scammers:

  • Fifth Third Bank customers are being targeted by a smishing attack. Smishing is text based rather than email based Phishing
  • Customers are receiving text messages that say "Fifth Third Bank: We locked your debit card to prevent unauthorized payment. To unlock it confirm your identity"
  • Of course a link is included which takes the victim to a bogus website
  • With more people using text messaging, scammers are turning to smishing as yet another attack vector for fraud
  • In regards to smishing, the Federal Trade Commission has said "Some links may take you to a spoofed website that looks real but isn’t. If you log in, the scammers can then steal your user name and password."
  • 5/3rd bank has indicated that these scams are nothing new
  • WCPO reported on a similar attack back in 2016:https://www.wcpo.com/money/consumer/dont-waste-your-money/text-message-from-5th-3rd-bank-is-really-from
  • A Fifth Third spokesperson told WCPO at that time "we will never initiate a phone call or text asking for personal customer information."
  • "Never provide personal information over the phone or via text unless you initiated the call to a verified Fifth Third Bank phone number," - 5/3rd Bank
  • In other words, go out-of-band to lookup legitimate information for the bank, never trust the information in an email, text or voicemail, it can be easily spoofed
  • If you have been targeted by this scam, you can contact53investigation@security.53.com.
  • Get some good cybersecurity tips from the FTC here:https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/basics

Sponsored Content

Sponsored Content